Synthetic physically unclonable function derived from an imaging sensor

ABSTRACT

There is disclosed a method of handling a sensor, comprising the steps of: defining a subset of sensor components of the sensor; challenging said subset under uniform conditions; receiving output signal values from said subset; for each component of the subset, determining the statistical moment of order i of the temporal distribution of the output signal value of said each sensor component; determining one or more outliers sensor components, said outliers sensor components being components whose ith order statistical moment has a difference with the mean value of the spatial distribution of the chosen moment over the subset superior in absolute value to a threshold, the ith order statistical moment of one sensor component being estimated on the temporal distribution associated to this sensor component. Developments describe in particular the use of imaging sensors, key generation, authentication, helper data files and the handling of videos.

TECHNICAL FIELD

This invention generally relates to the field of digital data processingand more particularly to methods and systems for key generation from animaging sensor.

BACKGROUND

Imaging sensors such as cameras or displays are now widespread inconsumer electronics devices such as smartphones or computer devices.

Few known approaches are directed towards the security of such sensors.Some existing approaches describe how to use cameras and/or displays toauthenticate users. An imaging sensor is rarely considered for itself.

These existing approaches present limitations.

In particular, there is a need for methods and systems to generatereliably an identifier or key from an imaging sensor.

SUMMARY

There is disclosed a method of handling a sensor, comprising the stepsof: defining a subset of sensor components of the sensor; challengingsaid subset under uniform conditions; receiving output signal valuesfrom said subset; for each component of the subset, determining thestatistical moment of order i of the temporal distribution of the outputsignal value of said each sensor component; determining one or moreoutliers sensor components, said outliers sensor components beingcomponents whose i^(th) order statistical moment has a difference withthe mean value of the spatial distribution of the chosen moment over thesubset superior in absolute value to a threshold, the i^(th) orderstatistical moment of one sensor component being estimated on thetemporal distribution associated to this sensor component. Developmentsdescribe in particular the use of imaging sensors, key generation,authentication, helper data files and the handling of videos.

In a specific embodiment directed towards an imaging sensor, there isdisclosed a computer-implemented method of handling an imaging sensorcomprising a plurality of pixels, the method comprising the steps of:defining a subset of pixels of the imaging sensor; taking N images whilechallenging said subset of pixels under spatially uniform conditions;receiving output signals from said subset of pixels; for each pixel ofthe subset of pixels, determining the statistical moment of order i ofthe temporal distribution of the signals of said each pixel for the Ntaken images; determining one or more outliers pixels, said outlierspixels being pixels whose i^(th) order statistical moment has adifference with the mean value of the spatial distribution of the chosenmoment over the subset superior in absolute value to a threshold, thei^(th) order statistical moment of one pixel being estimated on thetemporal distribution associated to this pixel when taking the N images.

There is disclosed a computer-implemented method of handling an imagingsensor comprising a plurality of pixels, the method comprising the stepsof: defining a subset of pixels of the imaging sensor; taking N imageswhile challenging said subset of pixels under spatially uniformconditions; receiving output signals from said subset of pixels; foreach pixel of the subset of pixels, determining the statistical momentof order i of the temporal distribution of the signals of said eachpixel for the N taken images; determining one or more outliers pixels,said outliers pixels being pixels whose i^(th) order statistical momentmoment(i) are such that |moment(i)−mean|>threshold, whereby thethreshold is predefined and the mean is the mean value of the spatialdistribution of said i^(th) order statistical moment over the subset ofpixels, the i^(th) order statistical moment of a pixel being determinedon the temporal distribution associated to said pixel when taking the Nimages.

Advantageously, residual and irreducible flaws of a manufactured imagingsensor can be leveraged for key generation.

Advantageously, the generated key is hardware-enabled so that it can beunique by construction. The generated key is reliable (to some extent,the property of reliability of the key can be ensured or controlled). Asame key (modulo a fixed acceptable or predefined error rate) can beobtained when repeatedly generated.

Advantageously, embodiments of the invention leverage i.e. exploit thevery high number of pixels which are addressable in image sensors.Experimental data has shown that a sufficient number of outliers' pixelscan be identified and be further characterized, at least with currentand foreseeable manufacturing technologies.

Said key generation can be usefully used for authentication and/orciphering of data (confidentiality). The generated key also can be usedas a signature (i.e. to sign a message).

Authentication designates the operation of identifying a computer device(e.g. by comparing collected identifiers). Authentication advantageouslycan be achieved by using a digital signature algorithm (random key andrandom/unpredictable nonce). In some embodiments, authentication can beenabled by using secret keys (e.g. HMAC, CMAC).

Ciphering refers to ability of protecting data e.g. by generating asecret (or private) key intrinsic to the imaging sensor and following tothe consumer electronics device enclosing or securely associated to theimaging sensor. Asymmetric (private key and a nonce) or symmetric(secret key or stream cipher) encryption may be used.

Embodiments of the invention may advantageously be used for trustedcomputing (e.g. root of trust, i.e. hardware/software components thatare inherently and initially trusted).

In some embodiments, a key can be used as a seed for a DeterministicRandom Bit Generator (DRBG), also known as a pseudorandom numbergenerator (PRNG).

In some embodiments, the presence of an embedded and accessible sensor(e.g. in a smartphone) can be leveraged. Advantageously, embodiments ofthe invention do not require additional hardware integration and/ormodification of existing hardware, thereby does not increasemanufacturing or operational costs.

Advantageously, embodiments of the invention allow protecting privacyand sensitive data. Advantageous embodiments include secure login to amobile website (e.g. email account, social account, banking account,etc), signature of emails or documents, mobile payment (e.g.crypto-currency or money transactions), and authentication of Internetof Things devices (e.g. smartwatches, smartphones, smart-meters),healthcare applications, automotive applications (e.g. cars doorcontrolling), logistics and supply chain management (e.g. for electronicdevices) applications, machine-to-machine communications (M2M), roboticsor domotics.

BRIEF DESCRIPTION OF DRAWINGS

Embodiments of the present invention will now be described by way ofexample with reference to the accompanying drawings in which likereferences denote similar elements, and in which:

FIG. 1 shows a system view of an embodiment of the invention;

FIG. 2 illustrates examples of steps of the method according to theinvention;

FIG. 3 illustrates an example of uniform conditions;

FIG. 4 illustrates structural aspects of specific embodiments leveragingshared electronics in the imaging sensor.

DETAILED DESCRIPTION

FIG. 1 shows a system view of an embodiment of the invention.

The figure shows a computer device 1 comprising an imaging sensor 100.

A “sensor” is an object or a device whose purpose is to measure and/ordetect events or changes in its environment, and then provide acorresponding output.

The “sensor” manipulated by the invention can designate a broad range ofsensors. A sensor produces or reflects ou outputs or provides values orsamples or acquisition values or measurements.

The digitalization of the society leads to a fast-growing development ofcontactless technologies, which not only interconnect human beings, butalso objects between themselves. This phenomenon is called Internet ofThinks (IoT): it is anticipated that ten times more machines willexchange information over interconnected networks, such as Internet or4G/5G networks, than human beings. These objects are meant to collectinformation and, possibility, react on the real world. Informationcollection is important for IoT devices, to report meaningful status andawareness about their environment. Nowadays, a significant amount ofmeasurements updated on-the-fly make up big data. Big data has valueonly if it has a high veracity, meaning that it can match well theenvironment in terms of reliability and accuracy of the collectedmeasures. Thence, many devices with many diverse sensors are being andwill be deployed. For improved veracity, multiple sensors are deployed,so as to collect multivariate (hence more rich) information (e.g., invarious directions, or same instances of sensors placed at differentlocations, etc.), and which is in addition redundant, for an enhancedresistance to failure, and also to further increase the signal-to-noiseratio by diversity. As a consequence, IoT devices progress towardscommoditization, which many sensors, aimed at being resilient. This inparticular implies that there are many different venues to get theresults of the “same” measurements (the goal of the variety of sensorsis diverted to be used as a measurement of the measurement sensorsthemselves, all things being equal.

In some embodiments, no formed “images” are required; consequently,there is no need for an imaging sensor.

In some embodiments, a sensor according to the invention can be a timeof flight (TOF) camera. Such a sensor does not construct an image per sebut a matrix of distances.

In some embodiments, a sensor according to the invention can be anon-imaging thermal sensor, such as a bolometer. In some embodiments, asensor can be a magnetic sensor, which can be turned into a matrix ofmeasurements.

In an embodiment, a “sensor” is an imaging sensor. An image sensor orimaging sensor is a sensor that detects and conveys the information thatconstitutes an image. Image sensors comprise digital cameras, cameramodules, medical imaging equipment, night vision equipment such asthermal imaging devices, radar, sonar, and others.

An imaging sensor comprises a plurality of sensors, i.e. “pixels” or“photosites” (e.g. 101, 102, 103, and 104).

A pixel 101 comprises a photodiode (e.g. 1011) and one or moretransistors (e.g. 1012). A “photodiode” is a semiconductor device whichconverts light into an electrical current.

In digital imaging a “pixel” or “dot” is a physical point which is thesmallest addressable element in an imaging sensor. A pixel considered bythe invention can be “active” or “passive”. An active-pixel sensor (APS)is an image sensor consisting of an integrated circuit containing anarray of pixel sensors, each pixel containing a photo-detector and anactive amplifier. The term “active pixel” sensor is also used to referto the individual pixel sensor itself, as opposed to the image sensor(the image sensor can then be called an “active pixel sensor imager” or“active-pixel image sensor”). “Passive-pixel” sensors are pixel sensorswithout their own amplifiers or active noise cancelling circuitry (e.g.CCDs).

The figure further shows examples of a working pixel 101 (following theexpected behavior or law), an “outlier” pixel 102 and another workingpixel 104 (normal or average responses, among which outlier “pixels” canbe selected).

“Pathological” pixels are not leveraged by the present invention.Pathological pixels are pixels which (i) repeatedly and (ii) abnormallyreact to uniform and comparable inputs. The abnormality criterion candive into the properties of the signals indeed (order 1, order 2, andhigher orders). Pathological pixels are likely to be found in low costsystems (e.g. Internet of Things devices, low end mobile devices), wherethe quality of the imaging device is not critical to those systems.Manufacturing processes controls for such devices are generally lessstrict and/or mature.

By contrast, embodiments of the present invention do leverage “outliers”pixels, i.e. pixels which follow the Gaussian law as do other pixels(inherently and residually due to manufacturing processes) but whichpresent extreme values (in the wings of the Gaussian distribution). TheGaussian Law is associated to a residual dispersion of manufacturingprocesses and outputs for a same uniform input are spatiallyindependently and identically distributed (regarding random variables).In some embodiments of the invention, if known, pathological pixels canbe discarded (pure and simple). Outlier's pixels are likely to be foundin more expensive devices, where the imaging functionality can beconsidered as core or critical (e.g. cameras, televisions, tablets,etc). Such devices are generally manufactured according to higherstandards and requirements. The manufacturing is generally bettercontrolled. Residual dispersion of the manufacturing process is generalindependently and identically distributed (regarding variables).

Depending on the input value (incident illumination) and the number oftaken images N, outliers and pathological pixels may beindistinguishable. Knowing signals' distributions in more details (withmuch more images being acquired) can allow determining the probabilitythat a given pixel is pathological and/or outliers. In other words,outliers and pathological pixels are not mutually exclusive. Yethandling such respective categories can be complimentary for concreteapplications. For key generation purposes, it might be that the“superficial” determination and further handling of outliers' pixels canbe easier to perform than a “deep” analysis at second moment order todetermine pathological pixels. Such scenario depends in particular onthe technology and on the manufacturing process used for the imagingsensor.

Taking N images allows estimating within a certain confidence intervalthe ith statistical moments of the temporal response distribution foreach pixel. For a given order i, the spatial distribution of the ithorder moment over the subset allows to identify outliers pixels whichare of the ith considered order at both wings of the Gaussian-likedistribution (value without n standard deviation away from the mean,where n is tuned depending on the number of outliers pixels needed sobasically the length of the identifier/key).

Pathological pixels according to the invention are likely to be found inlow cost systems (e.g. Internet of Things devices, low end mobiledevices), where the quality of the imaging device is not critical tothose systems. Manufacturing processes controls for such devices aregenerally less strict and/or mature.

Outliers' pixels according to the invention are likely to be found inmore expensive devices, where the imaging functionality can beconsidered as core or critical (e.g. cameras, televisions, tablets,etc). Such devices are generally manufactured according to higherstandards and requirements. The manufacturing is generally bettercontrolled. Residual dispersion of the manufacturing process is generalindependently and identically distributed (regarding variables).

An “imaging sensor” considered by the invention can be diverse.

Examples of image sensors' types manipulatable by the invention comprisesemiconductor charge-coupled devices (CCD), active pixel sensors incomplementary metal-oxide-semiconductor (CMOS), N-typemetal-oxide-semiconductor (NMOS, Live MOS) technologies and others. APSsensors can be used in camera phones, in digital radiography, or insecurity cameras for example. CMOS type sensors are widely used, fromdigital photography to mobile phone cameras. A standard CMOS APS pixelcomprises of a photodetector (a pinned photodiode), a floatingdiffusion, a transfer gate, reset gate, selection gate andsource-follower readout transistor—the so-called 4T cell. The use ofintrapixel charge transfer can offer lower noise by enabling the use ofcorrelated double sampling (CDS). For applications such as large-areadigital X-ray imaging, thin-film transistors (TFTs) can also be used inAPS architecture.

In some embodiments, the imaging sensor can be a planar Fourier capturearray (PFCA), which is a camera composed of angle-sensitive pixels whichrequires no mirror, lens, focal length, or moving parts. One or morepixels manipulated by embodiments of the invention can comprise anangle-sensitive pixel (ASP), which is a light sensor made entirely inCMOS with a sensitivity to incoming light that is sinusoidal in incidentangle.

In some embodiments, the imaging sensor can be a back-illuminatedsensor, also known as backside illumination (BSI or BI) sensor.

An imaging sensor can be as example a CMOS camera sensor.

In addition to emission, a LED can be used as a photodiode in lightdetection.

A solar cell used to generate electric solar power is a photodiode.

Imaging sensors can be manufactured in a two-dimensional grid or arrayor matrix, or as a square or any shape, including three dimensionalshapes.

The “computer device” according to the invention can be a smartphone orany consumer electronics device (e.g. laptop, smart watch, virtualreality or augmented reality device, game console, television, anInternet of Things device as well; for example a smart meter indomotics; mecatronics components in automotive; medical devices orcomponents in healthcare; elements for infrastructure e.g. smart city,transportation, logistics; banking devices in finance; etc).

The computer device can comprise diverse resources (computing resourcesCPU, memory or storage resources, graphical display resources GPU andcommunication resources I/O). Resources implement one or more of thedescribed steps can be accessed remotely (e.g. in the Cloud or remoteservers) and/or locally (in the computer device). In other words, forexample, key generation can be triggered from a remote server and thecomputer device as a smartphone can perform the steps to generate orverify the key.

FIG. 2 illustrates examples of steps of the method according to theinvention.

In an embodiment, there is disclosed a method of handling a sensor, themethod comprising the steps of: defining a subset of sensor componentsof the sensor; challenging said subset of sensor components underuniform conditions; receiving output signal values from said subset ofsensor components; for each component of the subset of sensorcomponents, determining the statistical moment of order i of thetemporal distribution of the output signal value of said each sensorcomponent; determining one or more outliers sensor components, saidoutliers sensor components being components whose i^(th) orderstatistical moment has a difference with the mean value of the spatialdistribution of the chosen moment over the subset superior in absolutevalue to a threshold, the i^(th) order statistical moment of one sensorcomponent being estimated on the temporal distribution associated tothis sensor component.

In an embodiment, the sensor is an imaging sensor and a sensor componentis an active pixel, the imaging sensor thereby comprising a plurality ofactive pixels.

In an embodiment, the step of challenging the subset of active pixelsunder uniform conditions comprises the step of acquiring a plurality Nof images.

In an embodiment, the sensor is a combination of independent sensors.

In an embodiment, the method further comprises the step of generating anidentifier from the determined outliers' sensor components.

In an embodiment, the method further may comprise the step of comparingthe generated identifier and/or hash value thereof with otheridentifiers to authenticate the imaging sensor.

In an embodiment, the threshold is received and/or predefined.

In an embodiment, the threshold is function of one or more desiredproperties of the generated identifier, said properties comprising bitlength and/or bit error.

In an embodiment, the number of images N and the threshold is set so asto determine repeatedly the same outliers pixels for a given statisticalorder i.

In an embodiment, information about outliers' sensor components isstored in a helper data file.

In an embodiment, uniform conditions are spatially uniform conditionsobtained by closing the shutter associated with the imaging sensor.

In an embodiment, uniform conditions are spatially uniform conditionsobtained by grounding out the photodiodes associated the pixels of thesubset of pixels.

In an embodiment, uniform conditions are spatially uniform conditionsobtained by adjusting the light source and/or by shaping the light beam.

In an embodiment, an image is in a lossy compression format.

In an embodiment, an image is a video frame.

In an embodiment, the subset of pixels is determined according tostructural information on the shared electronics of the sensor orimaging sensor.

There is disclosed a system configured to handle a sensor, comprising: aprocessor (or circuit e.g. FPGA) configured to define or to receiveinformation about a subset of sensor components of the sensor, saidsubset of sensor components being challengeable under uniformconditions; a receiver (or circuit or processor) configured to receiveoutput signal values from said subset of sensor components; for eachcomponent of the subset of sensor components, the processor beingconfigured to determine the statistical moment of order i of thetemporal distribution of the output signal value of said each sensorcomponent; the processor being further configured to determine one ormore one or more outliers sensor components, said outliers sensorcomponents being components whose i^(th) order statistical moment has adifference with the mean value of the spatial distribution of the chosenmoment over the subset superior in absolute value to a threshold, thei^(th) order statistical moment of one sensor component being estimatedon the temporal distribution associated to this sensor component.

In an embodiment, the processor (the same processor or another one) isfurther configured to generate an identifier from the determinedoutliers' pixels.

Other embodiments are now described. These embodiments are specificallydirected towards imaging sensors but may be applicable to othersituations involving other types of sensors.

In an embodiment, there is described a computer-implemented method ofhandling an imaging sensor 100 comprising a plurality of pixels, themethod comprising the steps of: defining 211 a subset of pixels of theimaging sensor; taking 212 N images while challenging said subset ofpixels under spatially uniform conditions; receiving 213 output signalsfrom said subset of pixels; for each pixel of the subset of pixels,determining 214 the statistical moment of order i of the temporaldistribution of the signals of said each pixel for the N taken images;determining 215 one or more outliers pixels, said outliers pixels beingpixels whose statistical distance to other pixels of the subset issuperior to a threshold.

The threshold (and for the case i=1, the statistical distance) can beset so as to maximize the reliability of the generated identifier. Thestatistical distance can be determined between temporal distributions ofsignals of pixels of the subset of pixels.

In an embodiment, there is disclosed a computer-implemented method ofhandling an imaging sensor comprising a plurality of pixels, the methodcomprising the steps of: defining a subset of pixels of the imagingsensor; taking a plurality N of images while challenging said subset ofpixels under spatially uniform conditions; receiving output signals fromsaid subset of pixels; for each pixel of the subset of pixels,determining the statistical moment of order i of the temporaldistribution of the signals of said each pixel for the plurality N oftaken images; determining one or more outliers pixels, said outlierspixels being pixels whose i^(th) order statistical moment has adifference with the mean value of the spatial distribution of the chosenmoment over the subset superior in absolute value to a threshold, thei^(th) order statistical moment of one pixel being estimated on thetemporal distribution associated to this pixel when taking the pluralityN of images.

In an embodiment, the method further comprises the step of generating anidentifier from the determined pixels.

In an embodiment, the method further comprises the step of comparing thegenerated identifier and/or hash value thereof with other identifiers toauthenticate the imaging sensor.

In an embodiment, the threshold is received or predefined.

In an embodiment, the threshold is function of one or more desiredproperties of the generated identifier, said properties comprising bitlength and/or bit error.

In an embodiment, the number of images N and the threshold is set so asto determine repeatedly the same outliers pixels for a given statisticalorder i.

In an embodiment, coordinates of outliers' pixels are stored in a helperdata file.

In an embodiment, spatially uniform conditions are obtained by closingthe shutter associated with the imaging sensor.

In an embodiment, spatially uniform conditions are obtained by groundingout the photodiodes associated the pixels of the subset of pixels.

In an embodiment, spatially uniform conditions are obtained on thesubset of pixels by adjusting the light source and/or by shaping thelight beam.

In an embodiment, an image is in a lossy compression format.

In an embodiment, an image is a video frame.

In an embodiment, the subset of pixels is determined according tostructural information on the shared electronics of the imaging sensor.

There is disclosed a system configured to handle an imaging sensorcomprising a plurality of pixels, said system comprising: a processorconfigured to define or to receive information about a subset of pixelsof the imaging sensor; the imaging sensor being configured to take Nimages while challenging said subset of pixels under spatially uniformconditions, N being equal or superior to 1; a receiver configured toreceive output signals from said subset of pixels; for each pixel of thesubset of pixels, the processor being configured to determine thestatistical moment of order i of the temporal distribution of thesignals of said each pixel for the N taken images, wherein N is superioror equal to i; the processor being further configured to determine oneor more outliers pixels, said outliers pixels being pixels whose i^(th)order statistical moment has a difference with the mean value of thespatial distribution of the chosen moment over the subset superior inabsolute value to a threshold, the i^(th) order statistical moment ofone pixel being estimated on the temporal distribution associated tothis pixel when taking the N images.

In an embodiment, the processor (or another processor) is (further)configured to generate an identifier from the determined outlier'spixels.

The term “defining”, used in connection with step 211, underlines thatthe choice of pixels (composing the subset of pixels which will befurther handled by steps of the invention) is in fine arbitrary. Forexample, the subset can be user-defined and/or random and/or selected bya third party (e.g. machine or algorithm), etc. The subset of pixels isthe pool of candidate pixels, which will be further considered ormanipulated.

Regarding the “subset of pixels”, the larger the subset of pixels, themore malfunctions in the manufacturing process can lead to usefulpixels. In some embodiments, knowledge about the imaging sensor andpixels thereof (e.g. manufacturing weaknesses, for example received asmetadata) and/or other reasons (e.g. pixels remaining in shadow when theshutter is opened) can lead to select one or more specific subsets.

In an embodiment, the defined subset can be the entire matrix or arrayof pixels of the imaging sensor (upped bound included). In someembodiments, the subset of pixels can comprise one or more rows (lines)and/or one or more columns of the imaging sensor. In some embodiment,the subset of pixels can comprise pixels forming lines, diagonals,squares, rectangles, ovals, ellipses, etc. The subset of pixels cancomprise patterns, i.e. regular repetition of motifs. Pixels can becontiguous, or not. Advantageously, unexposed pixels (e.g. thoseremaining in the dark even if the shutter is opened) can be used.

The considered subset(s), being smaller in surface than the entirematrix, can lead to improved performances (faster discovery/enrollmentand/or faster challenge-response times).

The expression “taking N images”, used in connection with step 212, canbe interpreted in that an image acquisition process is performed on orafter a triggering action. The triggering action in itself isindifferent and different triggering schemes are possible. In anembodiment, the acquisition can start once appropriate spatially uniformconditions are met. In some embodiments, image acquisition is continuousand images are filtered out after that the uniformity of acquisition isassessed. Image capture also can be conditional to user action. In someother embodiments, image acquisition can result from continuousevaluation of environmental conditions and obtained results (includingresults obtained progressively or on-the-fly).

Regarding the number of images to be taken, different compromises can bemade, depending on operational parameters, for example betweenacquisition environment (e.g. temperature drifting, available durationto take images, shutter speeds, memory available, etc), target keylength, available/discoverable pixels, reliability target of thegenerated key, etc.

Different phases can be distinguished. While a high number of images canbe taken at or during enrollment (to determine and characterize outlierspixels), a limited number of images can be required at run-time (toquery or challenge known outliers pixels in order to determine theidentifier). In an embodiment, the method is “burst-less”, i.e. does notrequire a plurality of images to be taken at run-time. With a singleimage, a sufficient number of outliers' pixels can be used to generatethe identifier with a desired key length. In an embodiment, the methodcan use a “burst” of images (i.e. a plurality of images taken in thesame physical conditions, in particular conditions of illumination,possibly during a short timeframe). This plurality of images can providethe data which can be leveraged to identify outliers' pixels.

The term “challenging” expresses that the underlying sensors (pixelsmade of photodiodes and transistors) can be “excited” or “solicited” or“queried” or “tested” or “interrogated” or “questioned”. In someembodiments, such challenge can take the form of an illumination orenlightening.

The subset(s) of pixels are placed into spatially uniform conditions2121. The expression «spatially uniform conditions» is now brieflydiscussed.

The term “spatially” underlines the spatial nature of the physicalparameters being considered (for example photons reaching out the matrixof pixels of the imaging sensor, grounding out conditions), also inopposition to the reference of temporal parameters (noise in particular,i.e. the evolution of excitation of pixels over time).

The term “uniform” thus refers to the distribution in space of inputs.Depending on embodiments, some definitions out of general dictionariescan be applicable (“identical or consistent from place to place”,“without variations in detail”, “unvarying”, “undeviating”, “occurringin a manner independent of some variable”). For example, photons canreach out the matrix of photodiodes in no privileged direction.

Output signals (of pixels) are voltages. In some embodiments, inputs canbe photons (when challenging photodiodes of pixels). In some otherembodiments, pixels or transistors associated with photodiodes can begrounded out (literally inputs are reduced to zero). In other words,uniform “illumination” can be determined electronically. The termuniform can thus refer to photons and/or to the lack of photons (i.e.grounding out conditions). The expression «spatially uniform conditions»thus may mean «spatially uniform illumination conditions» and/or«spatially uniform grounding-out conditions». It must be noted thatembodiments may not be mutually exclusive: absence of illumination, lowillumination, controlled illumination, and grounding out conditions canbe combined (for example for a subdivided matrix of pixels). Pixels canselectively be grounded out and/or illuminated.

According to a perspective oriented towards energy, it can be definedthat each pixel (i.e. the photodiode associated with said pixel) of theselected subset of pixels receives substantially the same amount ofenergy during image acquisition time (“integration time”). The quantity“energy” (received by the matrix of pixels and thus by the subset ofpixels) corresponds to the number of photons multiplied by h (Planckconstant) times nu (frequency). Each of the considered pixels receivessubstantially the same amount of energy. The term “substantially” refersto the fact that photons cannot usually be counted exactly and/orstrictly controlled experimentally. The very quantum nature of thesesystems also implies fundamental quantum uncertainties.

The expression «spatially uniform conditions» reflects the underlyingprinciple that small fluctuations of experimental (illumination,grounding-out) conditions shall or do not induce noticeable variationsof amount of energy received by pixels. Said differently, the totalenergy received by the sensor (all pixels) is the same. Even if localfluctuations can occur (some pixels can temporarily receive more energy,some less, there are quantum effects, etc), these variations ofuniformity will not change the total energy received over integrationtime. Statistically, each pixel will have received the same amount ofenergy at the end of the considered period.

Within said boundaries (“substantially the same amount of energyreceived per pixel during image acquisition time”), various macroscopicvariants can be performed. In the end, such temporal distribution ofenergy is indifferent.

In an embodiment, the method comprises a step of determining 215 one ormore “outliers” pixels, said outliers pixels being pixels whosestatistical distance to other pixels of the subset is superior to athreshold. The threshold (and for i=1, the statistical distance) can beset so as to maximize the reliability of the generated identifier. Thestatistical distance can be determined between temporal distributions ofsignals of pixels of the subset of pixels.

“Pathological” pixels are now discussed. The terminology used designatepixels which repeatedly and abnormally react to uniform and comparableinputs.

With respect to pathological pixels, high(er) statistical moment ordercan be considered. The abnormality criterion can dive into theproperties of the signals indeed (superior moment orders).

At moment order 1 (i=1), the output voltage value is considered. In sucha case, pathological pixels are those whose outputs are notably offsetwith respect to the others or even independent of the input, for examplebut not exhaustively stuck pixels or bright dots or dark dots. For i=1,advanced methods taking in account the whole temporal distribution canbe used: statistical distances between the spatial distribution of thei^(th) order values and the different pixel output value temporaldistribution can advantageously be estimated to identify and select thepathological pixels.

At moment order 2 (i=2), the standard deviation of the temporaldistribution is considered. Pixels which are agitated and/or whichflicker and/or which are unstable and/or which are noised are thenconsidered and leveraged.

At higher moment orders, distribution properties can be advantageouslyleveraged.

Skewness (i=3) designates the measure of the asymmetry of theprobability distribution of a real-valued random variable about itsmean. The skewness value can be positive or negative, or undefined. Thequalitative interpretation of the skew is complicated and unintuitive.Advantageously, as real data points may not be perfectly symmetric, thedetermination of the skewness of the dataset indicates whetherdeviations from the mean are going to be positive or negative. In theend, such a property can be determined and further leveraged todetermine pathological pixels, in turn leading to key generation.Measures of skewness comprise Pearson's coefficients, quantile-basedmeasures, L-moments, distance skewness, Medcouple, etc.

Kurtosis (i=4) is a measure of the “tailedness” of the probabilitydistribution of a real-valued random variable. In a similar way toskewness, kurtosis is a descriptor of the shape of a probabilitydistribution. Several ways of quantifying kurtosis are possible.

Noticeably, pathological pixels are pathological within small variationsof the chosen input. Quantitatively, input values can advantageously beselected knowing the nature of the “pathological” pixels (e.g. black orthe absence of photons is more efficient to determine hot pathologicalpixels). The optimal input illumination can either maximizes the numberof selected pixels or the reliability of the identifier extraction(measuring the bit error rates for multiples generation).

For moment order 1, the absence of lighting is advantageous because itis easier to determine deviations to a null value. There is also onlyone way to perform these conditions: the absence of photons (this alsoavoids nearby or adjacent pixels' perturbations). Pixels of the imagingsensor all appears to be identical at first and superficially. In factthey are not, as irreducible defects and differences exist between them.

The statistical characterization according to the invention (i.e.handling statistical moments of order i of the temporal distribution ofsignals) is advantageous in that it allows to deep dive into theproperties of the imaging sensor and its constituents and to possiblyextract a signature that can be both unique and possibly reproducible.

Taking a plurality of images increases the knowledge about each pixel(its “behavior”). Taking a plurality of images allows handlingstatistical analysis, in particular to estimate statistical moments(i.e. moments of orders 1 to n can be determined). The higher number ofimages the better confidence interval of the statistical momentestimation. Hence taking a high number of images ensures that temporalnoise does not influence the selection of pixels. The more images, themore precise the knowledge of the distribution, the better pathologicalpixels can be determined. The statistical moment of order i refers tothe number of images to be taken.

To estimate the i^(th) order statistical moment with a finite confidenceinterval, a sufficient number of images are required. For example, withone single image, the pixel output value is the better estimation of thestatistical moment of order i=1 (mean) but the confidence intervaldepends on the width of the statistical distribution (2^(nd) orderstatistical moment). However, with one single image, variance or (2thorder statistical moment) is at best steadily equal to zero ormeaningless. Hence in an upstream sensor characterization phase, a highnumber of images could be acquired to precisely determine thestatistical distributions of each pixel of the subset and then fix thenumber of images required in run-time to estimate the ith orderstatistical moment within a pre-determined and arbitrary smallconfidence interval.

Outliers' pixels of a sensor are not known “a priori”. Outliers pixelsare discovered (hidden absolute reality) or at least determined(relative truth) at enrollment phase (for example in the lab or themanufacturing facility). An exploration of the matrix can be performed(i.e. a «scan», in the meaning of exploring or analyzing the noisedistribution and its intimate properties). Once discovered, coordinatesof outliers pixels are known and can be exploited to generate anidentifier (a key), which itself can serve for different purposes.

In some embodiment, i=1, a threshold or range of threshold can be usedto determine one or more outliers pixels. In some embodiments, outliers'pixels can be determined according to a reference to an intermediateobject, namely a “statistical distance”. Such a reference distanceadvantageously allows for flexible developments of the invention (astatistical distance conveys broader consequences than a merethreshold). Examples of advantageous statistical distances compriseKullback-Leibler divergence, Hellinger distance, total variationdistance, Rényi's divergence, Jensen-Shannon divergence, Lévy-Prokhorovmetric, Bhattacharyya distance, Wasserstein metric, Kolmogorov-Smirnovstatistic, maximum mean discrepancy). Other alternative approaches thanstatistical distance can be considered (e.g. signal-to-noise ratiodistance, Mahalanobis distance, energy distance, distance correlation,Łukaszyk-Karmowski metric).

The steps described hereinabove are not necessarily ordered in the waythey are described therein. For example, images can be taken first andthe subset of pixels can be defined afterwards.

For the example of a 128-bit key, the probability that the n^(th) bit isequal to 0 (resp 1) is equal to the conditional probability that then^(th) bit is equal to 0 (resp 1) knowing the additional informationplaced in the helper data file.

In an embodiment, the computer-implemented method further comprises thestep of generating 120 an identifier from the determined outliers'pixels.

By design, such an identifier (or a “key”) is generally unique and itsdetermination can be made reproducible on a dedicated device.

The coordinates of outliers' pixels (information position) can be usedto derive an identifier (a key). Many different methods can be used toderive an identifier from outliers' pixels. A few examples are describedhereinafter, considering one outlier pixel.

Given the 2 coordinates (Xi, Yi) of the considered outlier pixel i (forexample Xi=450, Yi=1001), a first method can comprise the step of theconsidered outlier pixel i providing one bit, for example, the parity ofXi XOR the parity of Yi. In the provided example as the parity of Xi is0 (pair) and of Yi is 1 thus the output is 0 XOR 1 thus 1. Numerousother methods can be applied (e.g. parity Xi XOR NON parity Yi).

Alternatively, a selected pixel can provide more than one output bit(n>1). The actual figure depends on dimensions of the imaging sensor.For example, for a sensor of 2464 by 3280 pixels, the working surfacecan be a square of 2{circumflex over ( )}11 by 2{circumflex over ( )}11pixels (to maintain a symmetry between X and Y). Coordinates of the 4194 304 pixels (2048 by 2048) can be encoded over 11 bits. For exampleXi=450 can be written in base 2 (over 11 bits) as “00111000010” andYi=1001 can be written as “01111101001”. Many different methods may beused to generate a key. For example, strings Xi and Yi can beconcatenated into 0011100001001111101001 (or into0111110100100111000010, or interlaced, or XORed, or otherwise composed).As a result, a string of 22 bits of information can be obtained.

In an embodiment (which can be applied or combined with any of thepreceding steps), information position on Xi can be stored in a helperdata file (in clear, or ciphered, managed as a secret) and Yi can becoded over M bits (as described above): this will allow to get a key ofM bits. Thanks to helper data files which optimize outliers' pixelresearch without revealing anything about the identifier, the number ofrequired images may be reduced.

In some embodiments, information position may not use coordinates (Xi,Yi) referential. As other coordinate systems are possible, the origin(referential center) can be chosen arbitrarily. For example, bit signscan be used: pixel (1,1) can be located anywhere on the matrix or arrayof pixels. As a consequence, the steps to extract a key may be diverse.

Key extraction more generally can result from (i) arithmetic and logicaloperations performed on the parity of the coordinates of the pluralityof the outlier pixels, and/or from (ii) logical operations and/orcombinations of output bits obtained by encoding in base 2 of thecoordinates. Optionally, part of the information (i, ii) can be storedin a helper data file. Optionally, values of coordinates (i, ii) can bechanged depending on the reference system.

It is underlined that a key can be extracted from one or more of suchoutliers' pixels. In other words, an optional selection step can beperformed, consisting in selecting a set of outliers pixels among thosehaving being determined (i.e. a further selection), in order to derive akey or identifier from said (second) selection. Advantageously, the wayto handle the latter selection can be secret or tentatively (to furtherprotecting the generated key).

The preceding methods and options described can be set as to extractkey(s) from the knowledge of the outliers' pixels according to theinvention. It is underlined that numerous variants of extraction arepossible. Once known and kept stable, the key extraction can allowextracting reliably the same key out of the imaging sensor.

A given key may be obtained from the knowledge of outliers' pixels andof a set of arbitrarily but deterministic sequence of steps applied to aselection of outliers pixels.

In some embodiments, the generated key can be stored or cached (andfurther checked on demand, for example for a payment application).

In some embodiments, the generated key is not stored (in somesituations, storing a generated key can raise security issues). In someembodiments, the SPUF (“synthetic PUF” or “artificial” PUF) according tothe invention is challenged each and every time a key is needed. Keyrequests/generation can occur at a high rate (for example a key eachsecond, as required by a payment platform). In some embodiments, thegenerated key can be stored (e.g. cache mechanism).

As examples of typical orders of magnitude, enrollment performed atmanufacturing can be performed in matter of seconds or minutes(considering hundreds, thousands, if not millions of images for verystable isolation of outliers pixels); at runtime, knowing the e.g. 5-10addressable reliable outliers pixels, query time can be a fraction of asecond (e.g. few milliseconds). Signal analysis can be very brief. Therequired time duration is mainly determined by the acquisition of the Nimages.

In some embodiments, the method can comprise a step of seeding a PseudoNumber Random Generator with said generated identifier. Such anembodiment can be advantageously considered as a backup or fallback orsubstitute for a True RNG (which provides a different true random valueat each query).

In an embodiment, the computer-implemented further comprises the step ofcomparing the generated identifier and/or hash value thereof with otheridentifiers to authenticate the imaging sensor.

Such an identifier can serve different purposes. For example, anidentifier can be used to identify a computer device, i.e. by generatinga secret which is intrinsic to the computer device consumer electronics(comprising the imaging sensor, itself comprising the outliers' pixels).By comparing (e.g. published, shared, etc) identifiers, authenticationcan be obtained. Many downstream applications can be further enabled(for example a payment platform can allow a transaction conditional tothe retrieval of the appropriate identifier on the device, a softwarelicense check can use such a verification etc).

In an embodiment, the threshold 230 is received and/or predefined (231).

In an embodiment, the threshold can be given, i.e. received from anotheruser or machine entity. The threshold can be predefined, for examplelocally accessible (e.g. stored in a memory accessible to the processorhandling data to characterize outliers' pixels).

In an embodiment, the threshold 230 is function of one or more desiredproperties of the generated identifier, said properties comprising bitlength and/or bit error (232).

In some embodiments, the threshold can be determined (233), and notpredefined.

The determination or calculation can be performed in different ways:iteratively, by dichotomy, by applying heuristics, programmatically(i.e. computable as a result of an algorithm), analytically (i.e.computable by considering an analytical function the statistical momentsof order i of the temporal distribution). For example, the threshold canbe determined by dichotomy: given a first threshold giving an inferiorbound, pixels can be analyzed, then ordered, then the statisticaldistance (for the specific case i=1) between pixels can be determinedand maximized, the threshold can be placed half way and the loop cancontinue. The selection criterion or threshold can be iterativelyincreased or decreased. The threshold can be stored (and furtherprotected, i.e. securely). Methods related to graph analysis can beapplied (e.g. to determine overlaps and to maximize differences betweensamples values, i.e. to find pixels as different as possible but whilemaximizing the bit error rate and getting stable pixels.

Machine learning or clustering algorithms (k-means) may be used. In thecase of a clustering strategy, the threshold is linked to the centroiddistance between the more populated cluster (“non-pathological pixels”)and others single or few pixels clusters which are precisely the onespathological. In the case of a clustering strategy, the threshold islinked to the centroid distance between the more populated cluster(“non-outliers pixels”) and others single or few pixels clusters whichare precisely the ones outliers.

The “controllability” of the system considered by the invention iscomplex and can be manipulated in various ways. Downstream objectivescan pilot or guide or influence or determine upstream parameters.Multi-objective optimization can be performed. Requirements orconstraints or objectives can be given for various reasons (e.g.operational constraints, time available for image acquisition, renewalsof keys e.g. every 250 milliseconds, desired reliability of keys, etc).

For example, to get a 128 bits key, a number n1 of pixels can be needed,and following N1 images can be needed for reliability requirements (N1determines the confidence interval of the ith order moment estimation),and further the selection threshold can be adjusted/set accordingly todetermine outliers pixels. According to another example, given that N2images can be taken in operation and that 6 outliers pixels have beenpreviously discovered, it can be determined that a key with a maximallength of 256 bits can be obtained. According to another example, it canwell be that the number of images that can be taken can be limited: inturn this will limit the number of reliably selected pathological pixelsand so the key size which can be obtained. The threshold (and for i=1,the statistical distance) can be set so as to maximize the reliabilityof the generated identifier. The statistical distance can be determinedbetween temporal distributions of signals of pixels of the subset ofpixels. The term “reliability” refers to a normalized quality for theskilled person (typically 10{circumflex over ( )}−9 number of errors fora bit, i.e. bit error rate).

In an embodiment, the number of images N and the threshold is set so asto determine repeatedly the same outliers pixels for a given statisticalorder i.

In an embodiment, the enrollment phase can be repeated so as todetermine the reliable pixels, i.e. those which are consistentlyselected.

The term “reliable” refers to the fact that the same—physical—pixels(i.e. same coordinates, same positions, named “steady outliers pixels”)will be determined if queries are repeated over time (under the samespatially uniform conditions). Stability means that whatever the pixels,the same pixels can be identified. It is indifferent to obtain a samenumber of pathological pixels if these change: it is required that theexact same individual pixels are found. Experimentally, asymptoticconvergence can be observed. Manipulating the statistical distance (orthreshold or range of thresholds) can allow identifying these reliablepixels.

The term “reliability” refers to repeated and multiple key generations:the number of errors (non-repeatedly constant) bit can be chosenarbitrary small. The required bit error rates (which precise values candepend on the envisioned application) can directly influence the numberof required images N.

Methods related to graph analysis can be applied (e.g. to determineoverlaps and to maximize differences between samples values, i.e. tofind pixels as different as possible but while maximizing the bit errorrate and getting reliable pixels).

In an embodiment, coordinates of outliers' pixels are stored in a helperdata file (240).

In an embodiment, the coordinates (locations, positions e.g. lines andcolor) of outliers pixels can be memorized in a helper data file. Theselected pixels can be later challenged. The helper data file can beburnt in the hardware and/or stored in software.

Advantageously, using a helper data file improves performances.Reliability is also improved because the interrogation of pixels isfocused and avoids nearby or adjacent perturbations or hysterisis.

The knowledge stored in the helper data file is not sufficient for anattacker to reveal the key. Yet it can lead to significant improvementsin performances at run-time (scan time is reduced but secret of the keyis preserved). The probability of outputs bits given this helper datafile information is a conditional probability: would an attacker knowit, he wouldn't get access to the identifier or key. The probabilitythat the nth bit is equal to 0 (resp 1) is equal to the conditionalprobability that the nth bit is equal to 0 (resp 1) knowing theadditional information placed in the helper data file.

For example, the number of images N and the list of abscissa orordinates of the selected pixels can be stored for higher performances,without revealing anything about the selection criterion on itself andabout the positions of the selected pixels.

In an embodiment, spatially uniform conditions 2121 are obtained byclosing the shutter associated with the imaging sensor.

In an embodiment, uniform illumination can be obtained by closing theshutter associated with the imaging sensor. In addition oralternatively, the imaging sensor can be placed in a black box limitingor preventing the presence of photons.

In an embodiment, the imaging sensor can be partly exposable to lightwhile borders of the sensor can remain permanently in the shadow. Thelatter part can be exploited to perform steps of the method, e.g.without even the need for special illumination conditions and also in acontinuous manner. In an embodiment, a first key (or part of key) issupported by the borders of the imaging sensor while a second key (orpart of key) is supported by the matrix exposable to photons.

In an embodiment, spatially uniform conditions are obtained by groundingout the photodiodes associated the pixels of the subset of pixels.

In an embodiment, spatially uniform conditions are obtained on thesubset of pixels by adjusting the light source and/or by shaping thelight beam.

The light source can be a laser for example (e.g. LED). Internal signalmodulation can be used (e.g. power modulation, wavelength, stroboscopicmodes). Various optics and masks can be used (e.g. optical masks and/ormechanical masks, optics such as lens or beam shaping devices applied toone or more lighting sources, said lighting sources delivering photonsof configurable wavelength). In an embodiment, a predefined graphical“mask” is applied (e.g. chessboard, patterned image, subdivided parts ofthe matrix is selectively challenged, e.g. those pixels of the shadowedpart are solicited). A configurable mask can be placed in front of theimaging sensor when taking pictures. The mask can comprise pattern (e.g.lines, grids, chessboard, etc).

In an embodiment, an image is in a lossy compression format (250).

Embodiments of the invention can address lossless compression but alsolossy compression algorithms used in images. Lossless compression is aclass of data compression algorithms that allows the original data to beperfectly reconstructed from the compressed data (for example FLAC islossless for audio signals). Being unmodified, pixel signals can beanalyzed and noise manipulation can allow efficient key extraction.Lossy compression permits reconstruction only of an approximation of theoriginal data.

A lossy compression algorithm can affect the first moment order butremains indifferent at higher orders.

In an embodiment, raw data is handled (i.e. no compression, signalsoutput by pixels without post-processing). The expression “raw data”designates data associated with each pixel without post-processing. Inmodern imaging sensors embedded in consumer electronics, access to rawdata is generally possible in software. For example, raw data files canbe stored on SD cards in .RAW format.

In some specific imaging circuits however, access to RAW data files maybe complicated, as post-processing steps can be applied directly inhardware to the signals captured by pixels. For example, functions suchas “LSC” and/or “spot pixel compensation” can occur and can affect theraw data, adding undesirable noise to the signals captured by pixels. Abypass is to get access to raw data at hardware level. The method alsocan be robust to some of these post-processing steps. Post processing ofthe signals output by pixels can affect spatial noise (distribution).Pre or post processing=off-chip lossy compression e.g. JPEG, videoencoding MP4, in-chip hardware Channel Double Sampling. The claimedmethod by handling statistical moments of higher order of the temporalnoise is robust to said pre/post processing affecting spatialdistributions (values can be centered, distributions can be shifted,etc).

In an embodiment, an image is a video frame (260).

The acquired images or parts thereof can be video frames. Videocompression algorithms and codecs combine spatial image compression andtemporal motion compensation. Like the preceding observation regardinglossy compression, these video compression and compensation algorithmsdo not bar the invention to work. Advantageously, current imagingsensors in consumer electronics devices typically can take up to 30images per second, if not considerably more. Such orders of magnitudeallow getting interesting key lengths and this rapidly.

In an embodiment, the method can comprise a step of detecting ordetermining post-processing step applied to one or more images isdetected. The method in turn can operate at higher moment order (e.g.plus one): advantageously, a key can still be extracted from the imagingsensor outputs. In order words, technologies like Channel DoubleSampling (CDS) can be implemented in hardware and can obfuscate theproperties of individual pixels. In such a case, the analysis of momentsof superior order can allow to perform steps of the method and to stillgenerate keys.

PUFs are now briefly discussed. A PUF is known to be a PhysicallyUnclonable Function, i.e. a hardware function providing a response whena challenge is applied to the considered piece of hardware. It is to beunderlined that the very definition of this technical object orembedding “Physically Unclonable Function” is still intensely debated,amongst persons who can be qualified as “skilled persons in the art”.The term is not yet standardized. For example, associated properties ofa PUF (e.g. “reliability” or “unclonability” properties) are subtle andtherefore debated. The term PUF in fine appears to be a namingconvention, which lacks reliable and clear definition.

In the present case, described method steps do indeed characterize aPUF. Embodiments of the invention enable to create a “PhysicallyUnclonable Function”: commonly accepted properties of a PUF are matchedby the emerging properties of the method steps once performed.

Fixed-Pattern Noise (FPN) is now briefly discussed. FPN designates thenoise on digital imaging sensor. The invention fundamentally differsfrom FPN and related techniques. At least two aspects can be mentioned.

First, FPN manipulates output values of pixels, i.e. at moment order 1.By contrast, the invention goes beyond FPN, as it generalizes tostatistical moments of higher order. According to the invention, theselected pixels are those which are the most abnormal given a selectioncriterion which operates at a moment of order i with respect to athreshold, said threshold being empirically determined (for exampleiteratively, heuristics, machine-learning, clustering, graph algorithmsetc). This comparison allows extracting a number of bits as desired.Experimental data results indicate that the reservoir of candidatepixels is larger than the necessary number of pixels to construct keywith standard key length in the industry (128 up to 4096 bits).

Second, FPN considers the spatial noise (in pixels' output signals),which is not considered by the present invention (in terms of space, theconsidered aspect relates to the input and not to the output). Whateverthe FPN, embodiments of the invention do consider outliers pixels. Tosome extent, embodiments of the invention rely on the fact (orhypothesis) that outliers pixels appear randomly in or on the imagingsensor (homogeneously distributed on the surface given the dimensions ofthe imaging sensor). Some experiments have shown that this hypothesis isvalid. The statistical law of interest in the present case remains thelaw of large numbers (imperfections of manufacturing processes of FPN).

FIG. 3 illustrates an example of uniform conditions.

As expressed by equation 310, over time [T0, T int] the consideredpixels receive the same amount of energy: this leaves room for a widerange of energy distribution profiles over time. For example a subsetsof the pixels 301 of the imaging sensor 100 (or part of it) can receivemuch more energy or light at start while some other 302 can remain inthe dark, then the situation can evolve and be reversed: at the end ofintegration time/image acquisition time interval [T0, T int], pixelswill have had received the same amount of energy. Various energydistribution profiles can thus be implemented.

In mathematical terms (equation 1),∀(i,j) ϵΩ, E _(i,j)=∫₀ ^(T) ^(int) e _(i,j)(t)dt=E _(Ω)independent of(i,j)

wherein e_(i,j)(t) dt is the energy received by the photodiode duringthe time dt, hence (equation 2):e _(i,j)(t)dt=N _(ν)(i,j)×hν

wherein Nν (i, i) is the number of incident photons of frequency ν onthe photodiode of pixel (i, j) and h represents Planck constant.

Experimental macroscopic conditions (e.g. image acquisition triggering,stability, alignment, illumination conditions) can be controlled to someextent (for example, temperature of the device comprising the imagingsensor can evolve over minutes; image acquisition being performedsignificantly faster can be indifferent to temperature changes). Atleast, experimental conditions can be mitigated and tradeoffs can befound. Independently, at photonic level, the exact distribution ofphotons onto the matrix of pixels is not controllable as such (the exactnumber of photons received by each pixel cannot be measured and afortiori controlled), so as the photoelectric conversion efficacy ofeach pixel (for example). Yet the associated aleas do not implyconsequences, from a statistical standpoint. As a result, it isnecessary and sufficient to place the considered pool of pixels (whichare by definition adjacent to one another, i.e. placed in the sameenvironmental conditions). For example, even if a few photons remain inthe chamber containing the imaging sensor, uniformity condition can bemet.

Given the requirement of uniform conditions, various correspondingembodiments are possible. Experimentally, uniform illuminationconditions can be obtained by using various optical masking, beamshaping and/or light source adjustments. Uniform conditions also can beobtained by grounding out the photodiodes and/or transistors. Inparticular, illumination can be controlled to some extent: predefinedcolor spaces for example can be used. The subset of pixels (e.g. imagingsensor) can be placed in the dark (no photons, i.e. shutter closed), oreven reinforced dark (dark chamber in addition to closed shutter).Advantageously, measuring the noise of pixels at rest (withoutexcitation, leak currents) optimizes or leverages the sensitivity ofpixels. In some embodiments, rather than obscuring pixels, the subsetcan be saturated (e.g. flash), but the latter increases noise i.e. doesnot exploit sensitivity of pixels in an optimal manner, which degrees offreedom are constrained. In some embodiments, predefined color spacescan be used (for example yellow color values RGB 254 221 0). Such one ormore intermediate colors can present advantageous tradeoffs (sensitivitydue to manufacturing technologies, discovery time, query time, resultingreliability, etc). Sequence of illuminations and/or colors can be used(e.g. dark, yellow, green, dark).

FIG. 4 illustrates structural aspects of some embodiments of theinvention leveraging shared electronics in an imaging sensor.

In an embodiment, the subset of pixels is determined according tostructural information on the shared electronics of the imaging sensor.

The expression “shared electronics” refers to the fact that some parts(i.e. transistors) of the imaging sensor can be shared amongst aplurality of photodiodes. A standard CMOS pixel for example can be aso-called 4T cell, comprising a photodetector (a pinned photodiode), afloating diffusion, a transfer gate, reset gate, selection gate andsource-follower readout transistor. In some architectures, subparts canbe shared between cells (a 3T pixel comprises the same elements as the4T pixel except the transfer gate and the photodiode).

More generally, other parts than transistors can be shared. For example,shared electronics may comprise “shared pixels”, “column amplifiers”,“shared transistors” etc.

Shared electronics leads to internal correlations of signals. Thesestructural features in the end influence the spatial noise. Accordingly,related to the steps of the method handling temporal distributions,advantageous optimizations can be determined given these underlyinghardware differences.

In an embodiment, these structural properties can lead to specificselections of pixels (the subset of pixels which is considered).

In the example of pixels 410, each photodiode is associated with atransistor. The example 420 shows an example with shared electronics(here with column amplifier): noise is “spread” over a column (there isa loss of spatial entropy).

In an embodiment, it may be advantageous to average by column (as aprojection, i.e. lines values are added and then divided by the numberof lines), as shown in 430. In the latter case, temporal information isgained (relatively to spatial noise i.e. the ratio spatial over temporalnoise is affected).

There is disclosed a computer program comprising instructions forcarrying out one or more steps of the method when said computer programis executed on a computer.

There is disclosed a system comprising means to perform one or moresteps of the described methods. In space, some steps can be performedlocally and/or remotely (e.g. in the smartphone comprising the imagingsensors, possibly with some steps being performed in the network or inthe cloud). Local execution can involve (specific/dedicated and/orgeneric) hardware blocks, and/or software. Corresponding hardwarecircuits can be distributed within the computer device, or gathered in aspecific circuit. In time, some steps can be performed in the past (e.g.prior steps, “offline”, etc) and/or in the present time (e.g. “online”).

In an embodiment, the method according to the invention can beimplemented by an entirely embedded hardware block. In an embodiment,the disclosed method can be performed by embedded hardware and softwarerunning on a local processor. Some embodiments of the disclosedinvention can be entirely hardware embodiments. Some embodiments can beentirely software embodiments. Some embodiments can contain bothhardware and software elements. The invention also can take the form ofa computer program product accessible from a computer-usable orcomputer-readable medium providing program code for use by or inconnection with a computer or any instruction execution system. Acomputer-usable or computer-readable can be any apparatus that cancontain, store, communicate, propagate, or transport the program for useby or in connection with the instruction execution system, apparatus, ordevice. The medium can be an electronic, magnetic, optical,electromagnetic, or semiconductor system (or apparatus or device) or apropagation medium.

The invention claimed is:
 1. A method of handling a sensor, the methodcomprising: defining a subset of sensor components of the sensor;challenging said subset of sensor components under uniform conditions;receiving output signal values from said subset of sensor components;for each component of the subset of sensor components, determining thestatistical moment of order i of the temporal distribution of the outputsignal value of said each sensor component; determining one or moreoutliers sensor components, said outliers sensor components beingcomponents whose i^(th) order statistical moment has a difference withthe mean value of the spatial distribution of the chosen moment over thesubset superior in absolute value to a threshold, the it^(h) orderstatistical moment of one sensor component being estimated on thetemporal distribution associated to this sensor component.
 2. The methodof claim 1, wherein the sensor is an imaging sensor and wherein a sensorcomponent is an active pixel, the imaging sensor thereby comprising aplurality of active pixels.
 3. The method of claim 2, wherein thechallenging the subset of active pixels under uniform conditionscomprises acquiring a plurality N of images.
 4. The method of claim 3,wherein the number of images N and the threshold is set so as todetermine repeatedly the same outliers pixels for a given statisticalorder i.
 5. The method of claim 2, wherein uniform conditions arespatially uniform conditions which are obtained by closing the shutterassociated with the imaging sensor and/or by grounding out thephotodiodes associated the pixels of the subset of pixels and/or byadjusting the light source and/or by shaping the light beam.
 6. Themethod of claim 2, wherein the subset of pixels is determined accordingto structural information on the shared electronics of the imagingsensor.
 7. The method of claim 1, wherein the sensor is a combination ofindependent sensors.
 8. The method of claim 1, further comprisinggenerating an identifier from the determined outlier's sensorcomponents.
 9. The method of claim 8, further comprising comparing thegenerated identifier and/or hash value thereof with other identifiers toauthenticate the imaging sensor.
 10. The method of claim 8, wherein thethreshold is function of one or more desired properties of the generatedidentifier, said properties comprising bit length and/or bit error. 11.The method of claim 1, wherein the threshold is received or predefined.12. The method of claim 1, wherein information about outliers' sensorcomponents is stored in a helper data file.
 13. A computer programproduct comprising computing instructions stored on a non-transitorycomputing storage medium for carrying out the method according to claim1 when said computing instructions are executed on a computer.
 14. Asystem configured to handle a sensor, comprising: a processor configuredto define or to receive information about a subset of sensor componentsof the sensor, said subset of sensor components being challengeableunder uniform conditions; a receiver configured to receive output signalvalues from said subset of sensor components; for each component of thesubset of sensor components, the processor being configured to determinethe statistical moment of order i of the temporal distribution of theoutput signal value of said each sensor component; the processor beingfurther configured to determine one or more one or more outliers sensorcomponents, said outliers sensor components being components whosei^(th) order statistical moment has a difference with the mean value ofthe spatial distribution of the chosen moment over the subset superiorin absolute value to a threshold, the i^(th) order statistical moment ofone sensor component being estimated on the temporal distributionassociated to this sensor component.
 15. The system of claim 14, theprocessor being further configured to generate an identifier from thedetermined outliers pixels.